To add a custom DLP engine:

1. Go to Policies > Data Protection > Common Resources > Dictionaries & Engines > DLP Engines.
2. Click Add DLP Engine.

The Add DLP Engine window appears.

3. In the Add DLP Engine window, enter the Name for the custom DLP engine.
4. For Engine Builder: Add operators and DLP dictionaries to build an expression. You can see your expression in the Expression Preview.

See image.

Under Expression:

1. Select an operator to build your expression. The operators include All (AND), Any (OR), Exclude (AND NOT), and Sum. The Sum operator is available for count-based DLP dictionaries (i.e., Credit Cards, Social Security Numbers, etc.) and allows you to specify the sum total of matches that trigger a group of dictionaries specified in the DLP engine.

For the root expression, only the All (AND), Any (OR), and Sum operators are allowed.

2. Select a dictionary from the drop-down menu, then specify a match count as needed.
3. Click Add to add a Dictionary or a Subexpression. Click the Remove icon () to delete dictionaries or subexpressions.

• If you use the Sum operator, select two or more predefined or custom DLP dictionaries. You must set a value for the match count. You can enter any value less than 1,000.
• If you use the All, Any, or Exclude operators, you must select a predefined or custom DLP dictionary. Certain dictionaries require you to set a value for the match count. You can enter any value less than 1,000.
  See image.

  

  Close
• If you click Subexpression, you must select an operator. The operators include All (AND), Any (OR), Exclude (AND NOT), and Sum. The Sum operator is available for count-based DLP dictionaries (i.e., Credit Cards, Social Security Numbers, etc.) and allows you to specify the sum total of matches that trigger a group of dictionaries specified in the subexpression.

You can use the Sum operator as part of a subexpression; however, you cannot add a subexpression to an expression or subexpression that uses the Sum operator.

See image.

4. Continue adding dictionaries and operators to the expression as needed. At each level, you can create up to 4 subexpressions, use up to 4 operators, and add up to 16 dictionaries per operator.
5. (Optional) For Description, enter any additional notes or information. The description cannot exceed 255 characters.
6. Click Save and activate the change.

You can also add a custom DLP engine through the Internet & SaaS API. If the expression sent for the DLP engine through the API is broken or not recognized, even though it is synthetically correct, the engine builder cannot parse the dictionary. In this case, you need to manually recreate the expression in the Edit DLP Engine window in the Admin Portal. In the Edit DLP Engine window, the expression that could not be parsed is displayed in the Reference Expression field and a blank Engine Builder section is displayed. You can then recreate the expression by adding it again in the Engine Builder section by referring to the expression in the Reference Expression field.

The following are some examples of expressions that cannot be parsed by the engine builder:

• (D63.S > 0 AND NOT D39.S > 0)
• (D63.S > 0 OR NOT D39.S > 0 AND NOT D125.S > 0)
• (SUM(D63.S, D246.S) > 2)

See image.